Necurs was one of the largest spam-distribution botnets ever observed, at its peak controlling around 9 million infected machines and serving as the primary delivery vector for Locky ransomware, the Dridex banking trojan, and Trickbot. Microsoft and partners disrupted Necurs in March 2020 through coordinated legal action, seizing control of its domain-generation algorithm. The takedown significantly reduced global malspam volume.
This family has been observed using the following ATT&CK techniques: T1071.001, T1059.001.
Necurs operated as one of the largest spam botnets in history, spreading through phishing, exploit kits, and pay-per-install affiliate models before a coordinated takedown led by Microsoft and partners in March 2020.
Outbound spam traffic in large volumes, distribution of Locky or Dridex secondary payloads, peer-to-peer botnet traffic, and AV detections for Necurs indicate participation in the botnet.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/necurs.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.